Download Latest Version Constantine v0.2.0 _Coat of Arms_ source code.tar.gz (24.5 MB)
Email in envelope

Get an email when there's a new version of Constantine

Home / v0.2.0
Name Modified Size InfoDownloads / Week
Parent folder
Constantine v0.2.0 _Coat of Arms_ source code.tar.gz 2025-01-26 24.5 MB
0
Constantine v0.2.0 _Coat of Arms_ source code.zip 2025-01-26 25.3 MB
0
README.md 2025-01-26 12.1 kB
0
Totals: 3 Items   49.9 MB 0

I am very happy to present you the second version of Constantine.

I thank the Ethereum Foundation for their sponsorship on implementing Torus-based cryptography to make the performance of Secret Leader Election viable.

The highlight of this release, and the inspiration for its name is the introduction of specialized ARM64 assembly for most key field operations and SHA256. Thanks to it the latest M4 Max is within 5% of an overclocked AMD Ryzen 9950X on single-threaded performance (though multithreaded performance is lackluster due to Apple very aggressive powersaving). Currently this is only for MacOS but will be coming to Linux, Android and iOS.

The second highlight of this release is significant backend work for JIT compiling elliptic curves to Nvidia and AMD GPUs. \ Backends for x86 and ARM have also been explored and could present an alternative to provide libconstantine as a fully optimized assembly file, at least at Ethereum and elliptic curves level. This would streamline build systems by removing the Nim compiler. and also make it easy to vectorize the library.

Constantine is currently being scoped for a security audit, after which a 1.0 version should follow. You can review the scope here: https://github.com/mratsim/constantine/pull/483, and I'm looking for sponsors.

An independent benchmark showed that Constantine is as of January 2025 the fastest backend for EIP-4844 / KZG polynomial commitments: https://github.com/grandinetech/rust-kzg.

The Nim minimum version has been updated to Nim v2.2.0. 99% of Constantine should still work with v1.6.16 and v2.0.8 except the Torus-basec cryptography part.

Now let's review the main changes per-category

Ethereum

The focus for this release has been Ethereum Execution layer with the introduction of: - Keccak hash function - ECDSA signatures over secp256k1 - RIPEMD160 hash function and EVM precompile - KZG Point Evaluation EVM precompile - ECRECOVER precompile (under review) - repricing of EIP-2537 (BLS12-381 precompiles)

Performance on x86 and ARM is detailed in: https://github.com/mratsim/constantine/pull/520

The precompiles are exposed in C, Nim and Rust except ECRECOVER which is under review for corner cases that may not be covered by Ethereum tests and "low performance" (a 1.7x perf advantage at low-level turns to 1x no advantage at elliptic curve level - https://github.com/mratsim/constantine/issues/446)

The inner product argument (IPA) multi-proof primitives for Ethereum Verkle Tries have been thoroughly reviewed and improved.

On the Consensus side, sponsored work has been done on accelerating multi-exponentiation in 𝔾ₜ pairing group via Torus-based cryptography for the purposes of secret leader election: https://ethresear.ch/t/the-return-of-torus-based-cryptography-whisk-and-curdleproof-in-the-target-group/16678/4

Proof-system

Multilinear extensions of polynomials have been added. This is a prerequisite for sumchecks, the current state-of-the-art proving technique in research.

A Groth16 prover has been submitted in a PR by @Vindaar and is under final review.

Backend

We added an ARM64 compile-time assembler and 90% of the main computing bottlenecks now have ARM64 acceleration. Performance: https://github.com/mratsim/constantine/pull/513

Exploration in LLVM JIT compilation for GPU has been progressing with: - the Nvidia backend now having a prototype serial MSM thanks to @Vindaar - AMD GPUs being supported

The threadpool had a task garbage collection fix on ARM64 (and other weak memory models ISA)

Misc

Constantine can now generate benchmarks in https://zka.lc format with

git clone https://github.com/mratsim/constantine
cd constantine
nimble make_zkalc
bin/constantine-bench-zkalc --curve=BLS12_381 --o=myoutputfile.json

In CI, the Nim installation script has been completely rewritten to install from either of: - source - nightlies - website and can handle versioning for all 3 as well as the new Linux and MacOS ARM64 builds, and testing on Linux in 32-bit mode.

Future work

Please refer to https://github.com/mratsim/constantine/blob/v0.2.0/PLANNING.md and the issue tracker https://github.com/mratsim/constantine/issues?q=is%3Aopen+is%3Aissue+label%3A%22enhancement+%3Ashipit%3A%22+

Here are some of the work stream I want to prioritize

  • Work is currently being done to improve the LLVM backend codegen. It may provide multiple advantages:
  • pure assembly: remove GCC vs Clang compiler differences (may be as high as 20%).
  • we can ensure constant-time properties without the compiler rugpulling us.
  • vectorization can be just changing i256 to <i256 x 4> and reusing the exact same LLVM IR.
  • GPU acceleration
  • Ethereum PeerDAS / Data Availability Sampling (Erasure coding + 2D KZG proofs)
  • Sumchecks Polynomial commitment scheme (PCS)
  • Small fields support like Baby Bear, Koala Bear, Goldilocks and Mersenne31
  • FRI, Deep FRI and STIR PCS.
  • Blake2 to finish EVM precompiles.
  • Poseidon2 hash function

-- Mamy

Detailed changes (auto-generated)

New Contributors

Full Changelog: https://github.com/mratsim/constantine/compare/v0.1.0...v0.2.0

Source: README.md, updated 2025-01-26